scripts/cros_on_device_fuzz.py

#!/usr/bin/env python3
# Copyright 2022 The ChromiumOS Authors.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Run fuzzers on ChromeOS Devices for given packages.

Given a remote host and a list of portage packages,
run the associated package fuzzers in a sysroot on the
remote host.

As of 2022-10-24, this script is intended to
only test fuzzers on x86_64 devices.

Example:
    cros_on_device_fuzz setup 'myhost:1234' 'my_package'
    cros_on_device_fuzz fuzz 'myhost:1234' 'my_installed_fuzzer'
"""

import logging
from pathlib import Path
import re
import tempfile
from typing import Iterable

from chromite.lib import commandline
from chromite.lib import cros_build_lib
from chromite.lib import on_device_fuzz
from chromite.lib import remote_access


_DEFAULT_PRIVATE_KEY = Path.home() / ".ssh" / "testing_rsa"
_DUT_FUZZER_ROOT = Path("/usr/local/tmp/fuzzer_root")
_IMPLICIT_SYSTEM_PACKAGE = "virtual/implicit-system"
_PACKAGE_SEPARATOR = re.compile("[ ,]+")


def main(argv: Iterable[str]):
    """Dispatch to other functions."""
    args = parse_args(argv)
    args.func(args)


def setup_main(args):
    """Setup up the DUT for fuzzing."""
    cros_build_lib.AssertInsideChroot()
    device = _parse_device(args.device_host, _DEFAULT_PRIVATE_KEY)
    # We do this version check to ensure we have a CrOS device
    # immediately.
    try:
        version = device.version
    except Exception:
        logging.error("Unable to get version of remote %s", args.device_host)
        raise
    logging.info("Connected to %s; CrOS version %s", args.device_host, version)
    packages = set(re.split(_PACKAGE_SEPARATOR, args.packages))
    # We require virtual/implicit-system so that we can
    # build the on-device sysroot. Without it, we'll
    # miss critical libs and binaries.
    packages.add(_IMPLICIT_SYSTEM_PACKAGE)
    with tempfile.TemporaryDirectory() as tmpdir:
        tmpdir = Path(tmpdir)
        tarball_name = "sysroot_fuzzer_tarball.tar.xz"
        on_device_fuzz.create_sysroot_tarball(
            packages=packages,
            board="amd64-generic",
            output_path=tmpdir / tarball_name,
        )
        on_device_fuzz.create_dut_sysroot(
            device,
            sysroot_tarball=tmpdir / tarball_name,
            sysroot_device_path=_DUT_FUZZER_ROOT,
        )
    logging.info("Fuzzer set up complete for %s", args.device_host)


def fuzz_main(args):
    """Run a given fuzzer on the DUT."""
    cros_build_lib.AssertInsideChroot()
    fuzzer_install_path = Path("/usr/libexec/fuzzers")
    device = _parse_device(args.device_host, _DEFAULT_PRIVATE_KEY)
    libfuzzer_options = {}
    on_device_fuzz.run_fuzzer_executable(
        device,
        sysroot_device_path=_DUT_FUZZER_ROOT,
        sysroot_fuzzer_path=fuzzer_install_path / args.fuzzer_name,
        libfuzzer_options=libfuzzer_options,
    )


def _parse_device(
    device_host: str, private_key: Path
) -> remote_access.ChromiumOSDevice:
    """Get ChromiumOSDevice host from device_host format string.

    Gets a ChromiumOSDevice, executing as root.

    Args:
        device_host: 'hostname:port' or 'hostname' string.
        private_key: Path to private key to log into the device for.

    Returns:
        A remote_access.ChromiumOSDevice connection.

    Raises:
        ValueError if device_host is not formatted correctly.
    """
    host = device_host.split(":")
    if len(host) == 2:
        device = remote_access.ChromiumOSDevice(
            host[0],
            port=host[1],
            username="root",
            private_key=private_key,
            connect=True,
        )
    elif len(host) == 1:
        device = remote_access.ChromiumOSDevice(
            host[0],
            username="root",
            private_key=private_key,
            connect=True,
        )
    else:
        raise ValueError(f"Badly formatted device host: {device_host}")
    return device


def parse_args(raw_args: Iterable[str]):
    """Parse CLI arguments."""
    parser = commandline.ArgumentParser(description=__doc__)
    parser.add_argument(
        "--private-key",
        type=Path,
        default=_DEFAULT_PRIVATE_KEY,
        help=f"RSA key for device. (default: {_DEFAULT_PRIVATE_KEY})",
    )
    subparsers = parser.add_subparsers()

    # setup subcommand
    setup_parser = subparsers.add_parser(
        "setup", help="Installs fuzzers on device sysroot."
    )
    setup_parser.set_defaults(func=setup_main)
    device_host_help = "Device host, in the format 'hostname:port'"
    setup_parser.add_argument(
        "--device-sysroot-path",
        type=Path,
        help="Absolute location on device for the"
        f" fuzzer sysroot. (default: {_DUT_FUZZER_ROOT})",
        default=_DUT_FUZZER_ROOT,
    )
    setup_parser.add_argument("device_host", help=device_host_help)
    setup_parser.add_argument(
        "packages",
        help="Portage packages to install fuzzers for."
        " Space or comma separated."
        f" Automatically includes {_IMPLICIT_SYSTEM_PACKAGE}",
    )

    # fuzz subcommand
    fuzz_parser = subparsers.add_parser(
        "fuzz", help="Runs a fuzzer in device sysroot."
    )
    fuzz_parser.set_defaults(func=fuzz_main)
    fuzz_parser.add_argument("device_host", help=device_host_help)
    fuzz_parser.add_argument(
        "fuzzer_name", help="Name of the fuzzer executable to run."
    )

    return parser.parse_args(raw_args)